There has been much discussion in the media regarding the use of virtual private networks (VPNs) in the United Arab Emirates (UAE), triggered by the recently announced Federal Law No. (12) of 2016 (the Amendment), which amends Federal Decree-Law No. (5) of 2012 on Combating Cybercrimes (the Law). The Amendment, which revisits the use of VPNs in the UAE, has raised potential concerns over the use of VPN technology in the UAE. In this alert we examine the legal and practical risks associated with using VPNs in the UAE.
The key provision of the Amendment, as cited by the press, states that an imprisonment term and/or a financial penalty of between AED 500,000 and AED 2 million could be imposed on any person that uses a fraudulent VPN address for the purposes of committing a crime or preventing its discovery.
What this means for businesses and individuals
The Telecommunications Regulation Authority has clarified that the Law and Amendment are not intended to prohibit companies, financial institutions and banks in the UAE from lawfully using VPN technology in order to access their global IT networks. Rather, they target individuals or businesses using false IP addresses for the purposes of committing a crime or preventing its discovery.
It is also worth mentioning that the imposition of fines and periods of imprisonment, as provided for under the Amendment, is not new: the Law previously sanctioned the same offences with fines or imprisonment. However, the Amendment has increased the minimum fine from AED 150,000 to AED 500,000, and the maximum fine from AED500,000 to AED 2 million.